How Can John Oliver Help with Small Business Cybersecurity in Seattle?

Yup, we know. You clicked on this link because we name-dropped John Oliver in the title. Therefore, without further ado, let’s let John Oliver himself introduce this important topic for small business cybersecurity.

That was a great intro piece that explained why consumers need to be wary of robocallers, but it didn’t do much to explain the impact of malicious robocalling on your small business. In our opinion, this was a big oversight on John’s part because small businesses are in greater danger from illegal robocalls than consumers are.

Get the facts in today’s article.

How Do Illegal Robocalls Impact Small Business Cybersecurity?

Remember that frightening section near 6:00 when cybersecurity expert Jim Stickley got Jeff Rossen’s mother’s Social Security Number? What kind of information was that terrifying giggling robot at 10:00 trying to get? In the cybersecurity industry, we have a name for when a scammer calls someone and tries to get private data. It’s called vishing.

Vishing, a portmanteau of “voice” and “phishing,” is the whole point of malicious robocalling, so even though John Oliver didn’t use the proper term in his report, he still described it quite well.

As you saw in the video, phone scammers (both robots and humans) use a wide variety of tactics to get access to private data, and they often succeed. However, when a vishing scammer calls a consumer, they can only get data from a single person (the target) because most people don’t have access to other people’s private data.

Businesses, however, store a lot of data on a lot of people.

Think about this:

I don’t think I know anyone who could rattle off their best friend’s credit card number or Social Security Number from memory. I also don’t think I know anyone who has a file containing their best friend’s financial or personal data, because that would be super creepy.

However, there are many businesses here in Seattle that store data about their clients, so while I may not be able to look up my best friend’s personal or financial data, you might be able to if my friend is one of your customers.

Let’s think about the implications of that for a moment here:

  • Imagine if a scammer called up the right person at your small business and presented a compelling and urgent reason for why they needed my best friend’s data.
  • Imagine that the scammer pretended to be you, someone in Accounting, or your outsourced bookkeeper.
  • Imagine if the scammer used the “spoofing” technique that John Oliver talked about to make it look like the call was legitimately coming from inside your business.

In this kind of scenario, I have a feeling that my best friend’s data would be revealed. I think that the data leak (AKA costly breach) would be even more likely if the scammer supplied partial data during the call, such as my friend’s email address, home address, last four digits of his credit card, or phone number.

As cybersecurity expert Brian Krebs reports, that method of supplying partial data is exactly what clever vishing scammers are doing these days.

Small Business Cybersecurity Has Higher Stakes Than Consumer Cybersecurity

So, let’s say that my best friend’s data was revealed.

If he had revealed the information himself, he’d be able to file a complaint with the police and, if the data was credit card data, he could reverse any illegal charges and cancel the card.

If your business revealed his data… well, that’s another story entirely.

I’m not going to spend time creating a bullet point list of how your company’s mistake would play out in the courts, The Seattle Times, or your revenues. You can imagine all that for yourself.

Instead, I’ll just remind you of all the information you handle.

In addition to storing customer data, your business also stores employee data. You probably use a few business credit cards, and your company account holds more money than your personal account. On top of that, each of your employees has personal data that they’d freely give out if someone called them claiming to be in HR or Accounting.

In short: Companies are a much bigger target for vishing scammers because they offer a vastly bigger payoff.

Prevent Successful Vishing by Enhancing Your Small Business Cybersecurity

The FCC has a long list of recommendations to help consumers protect themselves from illegal robocalling scammers but, honestly, the FCC recommendations are laughable when you try to apply them to a small business.

I mean, how is your company supposed to thrive when you’re directed to: avoid calls from unknown numbers and hang up on unknown callers; not respond to any questions, especially those that require you to say “yes”; and hang up on callers who claim to be from a company or government agency?

I’m serious! Those are the FCC’s actual recommendations!

Since robocalling is already a lot worse this year than it was last year (1500 robocalls were placed each second in 2018, but nearly 2000 robocalls per second were placed in March 2019 alone), and since experts suggest that deepfakes will be the next evil innovation in robocalling, I figured you could use a few helpful pointers that can improve your small business cybersecurity practices, especially when it comes to vishing attacks.

  • Download robocall blockers. Verizon just released a free blocker for their users, which is a stripped-down version of Call Filter, an app they’ve offered for a while at $3 a month. T-Mobile now offers their call blockers, Scam ID and Scam Block, for free as well. Commercial providers of anti-robocalling software include RoboKiller, YouMail and the awesomely named Nomorobo.
  • Train your employees to be wary of unsolicited data requests. Educate your staff about email phishing as well as vishing and provide them with examples of vishing attacks (you can use the John Oliver video for examples) and email phishing attacks. Best practices suggest you should train your employees often, so you may want to hold a quick, weekly small business cybersecurity briefing at your office (we can help with that).
  • Establish and enforce clear data-gathering policies at work. No amount of anti-phishing/anti-vishing training will help you if your HR and Accounting departments really do call employees at the last minute to request sensitive data over the phone. Consider setting up clear policies and procedures around collecting sensitive data from employees, such as sending out advance emails informing employees when HR will be calling, or having a real person from Accounting walk over and collect customer data from a staff member in person.

Protect Your Business from Illegal Robocalls and Vishing Scams: Get an Expert on the Case

If you want some help setting up your policies, researching and implementing anti-robocall software, training your staff to identify phishing and vishing scams, or tightening your small business cybersecurity stance, Interplay can help.

Since 2001, Interplay has been helping Seattle-based businesses get more done at work with less hassle, through a combination of hands-on service, around-the-clock network monitoring, after-hours patching and updates, vendor and software licensing management, and other critical IT services.

And we’re happy to help you tackle vishing attacks and other cybersecurity hazards at your business.

 

Social engineering scams like vishing are hard to protect from, which is why criminals use them so often. That’s why the best idea for maintaining small business cybersecurity is to have a Plan B that protects you no matter what